Deserialization Threats
PAIT-ARV-100 (Archive Slip Bugs in ML Models)
Ecenur Üze, Junior Pentester
September 2, 2024
Overview
Many machine learning models are distributed as zipped archives containing weights and configuration files. A malicious archive can include member names such as ../../../../etc/passwd. When a Python script extracts the model with an unarchiving function that does not validate member paths, that entry is written outside the intended directory and overwrites critical files on the host.
Remediation
Sanitize member paths during extraction and reject any entry that resolves outside the destination directory. Never extract archives directly to the filesystem root. Use unzipping libraries that perform these checks.
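An added example, not code from this page or from Eresus Security: a Python extractor that applies the remediation above by checking every zip member against the destination directory before anything is written, together with a constructed archive carrying a ../../../../etc/passwd entry to show it being rejected. All member names and contents are constructed samples.

```python
import io
import os
import stat
import tempfile
import zipfile


class UnsafeArchiveMember(ValueError):
    """Raised when a zip entry would land outside the extraction directory."""


def safe_extract_zip(src, dest_dir):
    """Extract the zip at src (path or file object) into dest_dir, refusing
    absolute paths, '..' traversal and symlink entries before writing."""
    dest_dir = os.path.realpath(dest_dir)
    with zipfile.ZipFile(src) as zf:
        for info in zf.infolist():
            # A symlink entry could redirect a later write outside dest_dir.
            if stat.S_ISLNK(info.external_attr >> 16):
                raise UnsafeArchiveMember(f"symlink entry: {info.filename}")
            # join() discards dest_dir for an absolute name and realpath()
            # collapses '..', so both kinds of escape resolve outside dest_dir.
            target = os.path.realpath(os.path.join(dest_dir, info.filename))
            if os.path.commonpath([dest_dir, target]) != dest_dir:
                raise UnsafeArchiveMember(f"escapes destination: {info.filename}")
        return [zf.extract(info, dest_dir) for info in zf.infolist()]


def build_archive(members):
    """Build an in-memory zip from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed samples: a benign model bundle and one carrying a slip entry.
BENIGN = {"config.json": b"{}", "weights/model.bin": b"\x00" * 8}
MALICIOUS = {"config.json": b"{}", "../../../../etc/passwd": b"root::0:0::/:/bin/sh\n"}


def extract_to_tempdir(members):
    """Return ('extracted', [relative paths]) or ('rejected', reason)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        try:
            written = safe_extract_zip(build_archive(members), root)
        except UnsafeArchiveMember as exc:
            return ("rejected", str(exc))
        return ("extracted", sorted(os.path.relpath(p, root).replace(os.sep, "/") for p in written))
```

Because the members are validated before any file is written, a hostile archive is rejected as a whole rather than partially extracted or silently rewritten by the library's own path normalization.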